Web Browsers’ Security Expires

by Dan Murray

Published December 29, 1999



Security Certificates within older Web browsers will expire as of January 1, 2000. This is not a Y2K problem, but simply a prearranged termination of the codes that authenticate secure transactions online. Downloading a newer release of the browser software will solve this minor inconvenience.

The most common use of the security certificate within Web browser software is to enable secure encryption of credit card authorization for product or service purchases online. When you see the padlocked icon, you know the site is secure. Also, any site handling confidential, legal, or financial matters requires the use of the certificate.

Those who use older versions of Microsoft Internet Explorer and Netscape Navigator/Communicator are encouraged to download the newest or a newer free release. Without it, accessing secure sites after December 31st may be hampered or potentially insecure.

All current versions of Internet Explorer for the Macintosh are affected. At this late hour, a workable upgrade does not exist from Microsoft for this platform. An alternative, for the moment at least, is to switch to Netscape Navigator 4.08 or the latest Netscape Communicator 4.7.

Windows Internet Explorer 3.x (including AOL 3), 4.x, and 5.x are functional now with valid security certificates, reports VeriSign. If you use one of these, upgrading is not necessary but can be beneficial for other reasons. Each newer version of software does remedy earlier bugs (software problems). However, every new version has historically introduced new unidentified or unresolved problems in the code.

Microsoft’s email program, Outlook Express 4.x, still exhibits some minor Y2K conflicts. The solution is to update all versions of Outlook Express to version 5.x.

Netscape Navigator and Communicator browser users should upgrade if their version is 4.05 or earlier. Netscape Navigator 3.x definitely contains expired root certificates. So, to continue accessing secure web pages with confidence, a newer version should be downloaded from AOL’s NetCenter.com (formerly www.netscape.com).

A sensible approach for anyone using new software is to retain the older version on your hard drive for a time while using the newer one. If, after a reasonable interval, the new software seems to function satisfactorily, then delete the older one. Some folks have discovered that the older versions have features that the newer ones have omitted, such as sorting Bookmarks/Favorites lists.

If you use Netscape for e-mail, upgrade to version 4.7 to benefit from the many bug fixes. The latest Netscape version is now 4.7, and a 5.0 is due to be released soon.

Safely sending information via a Web page’s form involves scrambling the content during transmission to its destination. The jumble of unreadable characters is deciphered at the receiving end. The objective is to prevent unauthorized eyes along the electronic route from seeing and/or using the information.

The flow is typically like a relay race: parts of a message (not the whole thing) are sent down different paths of the global network. The message packets may temporarily be stored and then passed along.

If the data is an unintelligible scramble of letters, numbers and symbols (encrypted), no one can possibly understand it without access to a lengthy code called the public key, half of the key code in the signature of the issuing certificate. The other half is the merchant’s private key. Together these two long character strings unlock the message. It’s a reasonably secure process, certainly more so than reading your credit card number to a clerk over the telephone.

A Certificate Authority (CA) certificate is, by design, issued for only a finite period. As computers and technology improve, older generations become vulnerable. Older codes in circulation are at risk, susceptible to attack by people using more powerful computers. Root certificates are, therefore, issued to expire in 5 years.

VeriSign is the most prominent certificate authority and the only one annually audited. The accounting firm of KPMG Peat Marwick authenticates VeriSign’s adherence to practices. Others such as Entrust and GTE CyberTrust are minor players that contribute to other limitations. Microsoft’s IE 3.x, for instance, with a certificate authority from Entrust, will disallow access to secure transactions by the opening of this new year.

Most earlier versions of Microsoft browsers do not check for the expiration date of the CA certificates. Also, a bug in Internet Explorer 4.01 and 4.5 for Macintosh will block users’ access to secured Web pages.
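The difference between a client that checks the CA certificate's validity dates and one that checks only the site's certificate can be shown in a few lines. The following is an added example, not code from the original article or from any browser: the certificate names and dates are constructed, and the dates use the X.509 UTCTime format (two-digit years, read as 19YY for 50-99 and 20YY for 00-49 under the RFC 5280 rule).

```python
from datetime import datetime, timezone

def parse_utctime(s):
    """Parse an X.509 UTCTime string (YYMMDDHHMMSSZ) into an aware datetime.

    Two-digit years follow the RFC 5280 rule: 50-99 -> 19YY, 00-49 -> 20YY.
    """
    if len(s) != 13 or not s.endswith("Z") or not s[:12].isdigit():
        raise ValueError(f"not a UTCTime value: {s!r}")
    yy = int(s[:2])
    year = 1900 + yy if yy >= 50 else 2000 + yy
    return datetime(year, int(s[2:4]), int(s[4:6]),
                    int(s[6:8]), int(s[8:10]), int(s[10:12]),
                    tzinfo=timezone.utc)

# Constructed sample chain, leaf first; names and dates are illustrative only.
CHAIN = [
    {"subject": "shop.example", "ca": False,
     "not_before": "990601000000Z", "not_after": "000531235959Z"},
    {"subject": "Example Root CA", "ca": True,
     "not_before": "941109000000Z", "not_after": "991231235959Z"},
]

def chain_problems(chain, now, check_ca_validity=True):
    """Return (subject, reason) for every certificate outside its validity window.

    check_ca_validity=False models a client that checks only the leaf's dates.
    """
    problems = []
    for cert in chain:
        if cert["ca"] and not check_ca_validity:
            continue
        if now < parse_utctime(cert["not_before"]):
            problems.append((cert["subject"], "not yet valid"))
        elif now > parse_utctime(cert["not_after"]):
            problems.append((cert["subject"], "expired"))
    return problems

if __name__ == "__main__":
    moments = [datetime(1999, 12, 31, 12, tzinfo=timezone.utc),
               datetime(2000, 1, 1, tzinfo=timezone.utc)]
    for now in moments:
        print(now.isoformat(),
              "strict:", chain_problems(CHAIN, now),
              "leaf-only:", chain_problems(CHAIN, now, check_ca_validity=False))
```

With the strict check, the site's own certificate is still valid on January 1, 2000, yet the chain fails because the root above it has expired; the leaf-only client reports nothing.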

To learn the version number of your browser, find the original application program icon on your hard drive. Click to view Properties (Windows) or Get Info (Mac). The creation date should also show there.

The best and easiest solution is to upgrade your Netscape Navigator Web browser to 4.08 or to Communicator 4.7, or use Microsoft’s Internet Explorer 4.51. Some people use both companies’ products, even simultaneously.

_____________

Web Links:

http://www.iplanet.com/cert/
http://www.microsoft.com/mac/iesecissue
http://www.netcenter.com/computing/download/index.html
http://www.verisign.com/server/cus/rootcert/faq.html
http://www.verisign.com/server/cus/rootcert/webmaster.html